Re: [Leaf-user] Changes for new Dachstein release

2002-04-05 Thread John Stoffel


I'd like to see the monster network configuration script broken up
more into separate modules and sections.

The main config file would have the options to turn on and off various
settings.  There would be additional files for:

  local DNS definitions
  DMZ setup
  PPP, PPPOE, WAN links
  Port Forwarding Setup

Each file would be small and well commented so that it would be
obvious what options need to be changed for each section.

John

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



Re: [Leaf-user] Timelag in Dachstein 1.0.2

2001-12-17 Thread John Stoffel


Maxim I run Dachstein 1.0.2 and the time is one hour earlier than it
Maxim should be. How can I change this ? I run 'rdate -p -s
Maxim some.time.server  hwclock --systohc', but still one hour
Maxim earlier.  -- Best regards, M@X.

Are you sure you don't have the wrong timezone set?  You're probably
using it without Daylight savings time set up properly.

I *think* you need to edit /etc/TIMEZONE, but I haven't checked.

John




[Leaf-user] DachStein 1.0.2 - stopping martian loggin

2001-12-16 Thread John Stoffel


Hi Charles,

Thanks again for all the great work on Eiger and DachStein, they are
both working really well for me.  After a bit of fighting and learning
of ipchains, I've gotten a couple of successes here while trying to fix
some problems.

The first was that I could not port forward SSH to an internal box
with either Eiger or Dach.  I had the proper stuff uncommented in
/etc/network.conf, but it just didn't work.   I ended up having to do
the following:

  ipchains -I input -i eth0 -j ACCEPT -p tcp -s 0/0 -d 0/0 24

to get the rule early enough in the input chain to be effective.  But
I think this is actually too early now, since I'm bypassing some of
the good input rules.  

My ipchains ruleset looks like this now:

# ipchains -L input
Chain input (policy DENY):
target prot opt source                     destination    ports
ACCEPT tcp  --  anywhere                   anywhere       any -   24
DENY   udp  --  10.2.0.1                   anywhere       any -   bootps
DENY   icmp l-  anywhere                   anywhere       redirect
DENY   icmp l-  anywhere                   anywhere       timestamp-request
DENY   icmp l-  anywhere                   anywhere       timestamp-reply
DENY   all  l-  0.0.0.0                    anywhere       n/a
DENY   all  l-  255.255.255.255            anywhere       n/a
DENY   all  l-  localnet/8                 anywhere       n/a
DENY   all  l-  BASE-ADDRESS.MCAST.NET/4   anywhere       n/a
DENY   all  --  10.0.0.0/8                 anywhere       n/a
DENY   all  --  172.16.0.0/12              anywhere       n/a
DENY   all  --  192.168.0.0/16             anywhere       n/a
DENY   all  l-  0.0.0.0/8                  anywhere       n/a
DENY   all  l-  128.0.0.0/16               anywhere       n/a
DENY   all  l-  191.255.0.0/16             anywhere       n/a
DENY   all  l-  192.0.0.0/24               anywhere       n/a
DENY   all  l-  223.255.255.0/24           anywhere       n/a
DENY   all  l-  240.0.0.0/4                anywhere       n/a
DENY   all  l-  192.168.1.0/24             anywhere       n/a
DENY   all  l-  24-240-176-224.hsacorp.net anywhere       n/a
REJECT all  l-  anywhere                   localnet/8     n/a
REJECT all  l-  anywhere                   192.168.1.0/24 n/a
REJECT tcp  --  anywhere                   anywhere       any -   netbios-ns
REJECT tcp  --  anywhere                   anywhere       any -   135
REJECT udp  --  anywhere                   anywhere       any -   netbios-ns
REJECT udp  --  anywhere                   anywhere       any -   135
REJECT tcp  --  anywhere                   anywhere       any -   netbios-dgm:netbios-ssn
REJECT udp  --  anywhere                   anywhere       any -   netbios-dgm
REJECT udp  --  anywhere                   anywhere       netbios-ns:netbios-dgm -   any
REJECT udp  --  anywhere                   anywhere       135 -   any
REJECT tcp  --  anywhere                   anywhere       netbios-ns:netbios-ssn -   any
REJECT tcp  --  anywhere                   anywhere       135 -   any
ACCEPT tcp  --  anywhere                   anywhere       any -   ssh
REJECT tcp  --  anywhere                   anywhere       any -   auth
ACCEPT tcp  --  anywhere                   anywhere       any -   1024:65535
REJECT udp  l-  anywhere                   anywhere       any -   snmp:snmp-trap
ACCEPT udp  --  anywhere                   anywhere       any -   domain
ACCEPT udp  --  anywhere                   anywhere       any -   bootpc
DENY   udp  --  anywhere                   anywhere       any -   bootps
ACCEPT udp  --  anywhere                   anywhere       any -   1024:65535
ACCEPT icmp --  anywhere                   anywhere       any -   any
ACCEPT ospf --  anywhere                   anywhere       n/a
DENY   all  l-  anywhere                   anywhere       n/a
REJECT udp  l-  anywhere                   anywhere       any -   snmp:snmp-trap
REJECT udp  l-  anywhere                   anywhere       snmp:snmp-trap -   any
ACCEPT all  --  anywhere                   anywhere       n/a


The second problem was that I was getting tons and tons of the
following messages in the /var/log/[messages,kern.log,syslog] files:

Dec 16 20:42:22 jfsgw kernel: Packet log: input DENY eth0 PROTO=17 10.2.0.1:67 255.255.255.255:68 L=350 S=0x00 I=22593 F=0x T=255 (#9)
Dec 16 20:42:22 jfsgw kernel: